DarkOwl Cybersecurity Threat Intelligence Analysts continue to follow developments on the WannaCry ransomware attack that began on 11 May 2017. The following summarizes the latest findings related to WannaCry as of the morning of 31 May 2017:

Deployment and language analysis indicate the attack is of Chinese origin. (1,2)

Methods exist to recover some or all of the files encrypted by WannaCry (3,4) and, for older versions of Windows XP (SP1 and SP2), to self-generate a decryption key. (5)

Reports are mixed on whether paying the ransom to attackers resulted in victims receiving viable decryption keys; however, paying ransom is generally not recommended. (6,7,8)

Lists of decryption keys are becoming available as they are publicly posted. (9)